Further Reading

The Wall Street Journal reports that South Korean officials suspect North Korean hackers in the digital theft from Youbit on December 19, making it the latest victim in a string of bitcoin repository hacks and frauds over the last six years. Attackers made off with 17 percent of the exchange's cryptocurrency assets, including an undisclosed amount of bitcoin. In the wake of the attack, Youbit has declared bankruptcy and is allowing customers to withdraw only 75 percent of their accounts; the remainder will be paid out after the company is liquidated.

There have been three documented attacks attributed to North Korea against other South Korean cryptocurrency exchanges this year, including one against Youbit's predecessor company, Yapizon, in April—in which even more cryptocurrency was stolen.

This is the second major bitcoin-related digital heist reported this month. On December 7, the Slovenia-based cryptocurrency-mining exchange service NiceHash was robbed of more than $60 million dollars' worth of bitcoin in a security breach.

In a report released in September, FireEye noted that North Korea's interest in obtaining—and stealing—cryptocurrency has risen as sanctions imposed by the United Nations Security Council have mounted. The thefts earlier this year were linked to North Korea through malware and tradecraft, though the earlier Yapizon theft—which specifically targeted four digital wallets at the service—varied in its approach from the others. It may not be linked to the most recent attack.

Since May 2017, we have observed North Korean actors target at least three South Korean cryptocurrency exchanges with the suspected intent of stealing funds... The spear phishing we have observed in these cases often targets personal email accounts of employees at digital currency exchanges, frequently using tax-themed lures and deploying malware (PEACHPIT and similar variants) linked to North Korean actors suspected to be responsible for intrusions into global banks in 2016.

One of the three exchanges was compromised by the attackers.

The attraction of cryptocurrencies to North Korea is fairly obvious. The North Korean regime can access cryptocurrency funds with little fear of running into regulatory roadblocks. And the mounting value of bitcoin delivers high returns on the thefts and obfuscation efforts. Plus, cryptocurrencies are relatively easy to "launder," either through the use of coin "tumbler" services (spreading out the contents of pilfered wallets across multiple smaller transactions to a large collection of other wallets makes tracking their provenance difficult) or by converting them into less easily traceable cryptocurrencies. In the case of the funds collected by the WannaCry worm's associated wallets, the wallets were emptied and apparently exchanged for XMR, the "untraceable" private digital currency backed by Monero.

All this digital currency theft doesn't add up to a lot relative to the entire bitcoin market. But for North Korea, which has a gross domestic product smaller than many American cities—roughly $16 billion, about the same as the metropolitan area of Fort Wayne, Indiana—a million here and a million there are vital to keeping the nation's economy afloat.

When you know that North Korea is cut off and poor to the point that their embassies engage in activities such as hosting proms and selling cigarettes to raise foreign currency, it's not exactly a shock that they would do this. A random quote:

"North Korean embassies have spent decades running cash-raising schemes, nearly all of them illicit under current international law. Diplomats and their underlings have brokered deals for weapons and drugs, and more mundane products like machine tools and cows. They have also smuggled liquor, cigarettes, luxury cars and anything else that can be imported duty free and then sold at a gain."

This is just pure negligence. An exchange will need a hot wallet to handle realtime withdraw requests but the overwhelming majority (>95%+) of the cryptocurrency should be in offline cold storage. Any incoming deposits should go directly to cold storage to prevent the hot wallet from getting bloated due to imbalance of deposits and withdraws. Periodically the hot wallet will be reloaded from the cold storage as it is depleted.

To do otherwise would be the equivalent of a millionaire walking around with literally a million dollars in cash wherever he goes and being surprised he got mugged.

People who piss away computer hardware and gigawatts of energy to perform the mathematical equivalent of Sisyphean busywork... or a regime that keeps millions of people beholden to a personality cult following that engages in gobsmacking human rights violations.

Since the transaction history is public in the blockchain this seems on the surface that the fraud path would be trivial to track down. Yes, I know it's not that easy ... but could it be made easier with a different design?

I'm sure the fraud trail ends quickly in a transfer to a different type of asset. Who should be responsible for exchanging stolen goods? Can transactions be unwound? Would a mandatory cooling off period—perhaps one that scales by transaction size—prevent transactions to obfuscation wallets?

This is just pure negligence. An exchange will need a hot wallet to handle realtime withdraw requests but the overwhelming majority (>95%+) of the cryptocurrency should be in offline cold storage. Any deposits should go directly to cold storage to prevent the hot wallet from getting bloated due to imbalance of deposits and withdraws.

To do otherwise would be the equivelent of a millionaire walking around with literally a million dollars in cash wherever he goes and being surprised he got mugged.

Yep, and look at Nicehash for instance. They said most of their funds were in cold storage, yet also were hit by 80 million USD worth of losses in the hack...Something's not right there, and yet they have the audacity to start teasing coming back without even having explained the vunerability or what will be better.

The simple solution is the easy one. Cut off their internet at cable level. There are only two problems preventing this.

1. China.2. Russia.

With current idiot in the seat of president of the U.S I guess nothing is going to happen regarding this issue.

A flash drive full of bitcoins is easy to smuggle to any cafe internet connection where in the world.

You literally couldn't cut off their internet at cable level. North Korea internet traffic routes through China.

So very easy to do.

Mr Trump: "MERIKA!!! No China, I'm not sorry. I start every phone call that way. Now down to the deal. NK has been tweeting lies about me. They say I'm orange, fat, and stupid. So sad. So if you do not take them off the internet forever I will impose a 35% tariff on all Chinese goods. This tariff will be YUGE! My tariffs are best tariffs. MERIKA!!" *CLICK*

How is it a country that is stuck so far in the past has people capable of something like this? I mean, it's not like the bitcoin market is made-up of people who don't know technology, these are people who are very skilled as it pertains to technology in general, so it just astounds me that North Korea of all places has a team capable of such... I don't know... cyber warfare?

Because just like every other murderous totalitarian regime, there is an elite that lives at billionaire levels and they pay a security apparatus to keep it that way. Just keep your eyes open in case Il Douche starts getting ideas.

NK is doing a good job of alienating itself from the rest of the world. Even China is upset at this point. I sure hope the world can find a diplomatic solution, otherwise the outcomes are very ugly.

Is China actually upset or do they just want the rest of the world to think they are? Sure, they've cut off bits of trade here and there but they haven't done anything that would well and truly squeeze NK and they've complained about US efforts. They clearly don't want a nuclear war to break out in Korea, but I suspect they're just fine with everyone being worried about what Kim does next. It gives them some leverage.

Maybe I don't fully understand how this system works, but are they planning on paying Chinese companies for food/machine parts/coal shipments/etc in bitcoin? Because I don't really see how they'd be able to cash them out for meatspace money otherwise.

NK is doing a good job of alienating itself from the rest of the world. Even China is upset at this point. I sure hope the world can find a diplomatic solution, otherwise the outcomes are very ugly.

Is China actually upset or do they just want the rest of the world to think they are? Sure, they've cut off bits of trade here and there but they haven't done anything that would well and truly squeeze NK and they've complained about US efforts. They clearly don't want a nuclear war to break out in Korea, but I suspect they're just fine with everyone being worried about what Kim does next. It gives them some leverage.

China is in something of a no win situation with NK. If they squeeze too hard, they very well could wind up with a failed state on their border. That leaves them with three bad choices – a completely collapsed economy with a refugee nightmare, take over the government and keep it afloat by placing a major drain on their own economy, or accept reunification with SK and American troops next door.

Russia, OTOH, likes the situation just the way it is with NK as a problem for its two biggest international rivals.

NK is doing a good job of alienating itself from the rest of the world. Even China is upset at this point. I sure hope the world can find a diplomatic solution, otherwise the outcomes are very ugly.

Is China actually upset or do they just want the rest of the world to think they are? Sure, they've cut off bits of trade here and there but they haven't done anything that would well and truly squeeze NK and they've complained about US efforts. They clearly don't want a nuclear war to break out in Korea, but I suspect they're just fine with everyone being worried about what Kim does next. It gives them some leverage.

Except DPRK awhile ago stopped doing anything China asked. So they don't really have leverage. Which is what has China pissed about and at DPRK/Kim.

If he/they danced to China's tune still, they'd be more than happy waving around the mad little puppet dictator and his thousands of artillery pieces pointed a Seoul . But a nuclear armed one that sticks its fingers in it's ears and goes "nananannananananna, I can't hear you!" isn't something China wants.

When you're developing intercontinental ballistic missiles and nuclear weapons while under some of the harshest economic sanctions the world has seen, every bit—and every bitcoin—apparently helps.

North Korea may be poor, yes it is true, no one argue that fact, but U.S. isn't that much better off either. The different between these two nations is U.S. has unlimited incomes sources with a huge expenses pay off and ended up owing Japan trillion dollars its first creditor of the U.S. and owing China the second creditor another trillion dollar while North Korea has limited incomes for the U.S. sanctions but North Korea has less payroll to pay off their employees. Meaning they live cheap. That okay, right? Cheap means they don't drive a BMW or a Rolls. It really balanced it out with no one comes ahead. If this is a fact, my thought is and between U.S. and North Korea there's no one wins the first prize of good economic award.

There's this guy walking around with suits and tie and shinny shoes but has only a few pennies in his pant packets and you have this guy dressed like a homeless with torn jeans and a torn t-shirt with thousand holes and wearing a pair of old shoes but he has a stack of Benjamin Franklin in his shirt packet.

And often this confuse a lot of people - especially to the coffee shop waitresses for them to tell who is actually the rich and who is actually the poor.

Oh well...

Correct me if I'm wrong here but I though Japan was the 2nd place creditor by a huge margin and China was in 3rd by even more. The US is the US's number one creditor. Some people like to leave this out.

NK is doing a good job of alienating itself from the rest of the world. Even China is upset at this point. I sure hope the world can find a diplomatic solution, otherwise the outcomes are very ugly.

Is China actually upset or do they just want the rest of the world to think they are? Sure, they've cut off bits of trade here and there but they haven't done anything that would well and truly squeeze NK and they've complained about US efforts. They clearly don't want a nuclear war to break out in Korea, but I suspect they're just fine with everyone being worried about what Kim does next. It gives them some leverage.

Sadly, this is the only way people will learn that if you're not in control of your Bitcoin keys, it's not your Bitcoin.

It sucks that people have to lose money and learn the hard way. But eventually, they will learn that the whole point of Bitcoin; is to eliminate the counterparty risk.

If you're just going to treat Bitcoin the same way you're going to treat fiat, you are subject to all of the centralization we're supposed to be getting away from in the first place.

truly decentralized exchanges will be possible in all lightning network coins in the future, same goes for a decentralized "nicehash" type of service. But until then, these services are huge honeypots for thieves.

When you're developing intercontinental ballistic missiles and nuclear weapons while under some of the harshest economic sanctions the world has seen, every bit—and every bitcoin—apparently helps.

North Korea may be poor, yes it is true, no one argue that fact, but U.S. isn't that much better off either. The different between these two nations is U.S. has unlimited incomes sources with a huge expenses pay off and ended up owing Japan trillion dollars its first creditor of the U.S. and owing China the second creditor another trillion dollar while North Korea has limited incomes for the U.S. sanctions but North Korea has less payroll to pay off their employees. Meaning they live cheap. That okay, right? Cheap means they don't drive a BMW or a Rolls. It really balanced it out with no one comes ahead. If this is a fact, my thought is and between U.S. and North Korea there's no one wins the first prize of good economic award.

There's this guy walking around with suits and tie and shinny shoes but has only a few pennies in his pant packets and you have this guy dressed like a homeless with torn jeans and a torn t-shirt with thousand holes and wearing a pair of old shoes but he has a stack of Benjamin Franklin in his shirt packet.

And often this confuse a lot of people - especially to the coffee shop waitresses for them to tell who is actually the rich and who is actually the poor.

Oh well...

Correct me if I'm wrong here but I though Japan was the 2nd place creditor by a huge margin and China was in 3rd by even more. The US is the US's number one creditor. Some people like to leave this out.

No the US is not the US's number one creditor, Americans are. I think that's a fairly significant difference in that they make up the 1%.

No the US is not the US's number one creditor, Americans are. I think that's a fairly significant difference in that they make up the 1%.

Actually, most of the people to whom the debt is owed are Not the 1 per centers. About 1/3 of the national debt is owed to the Social Security Administration. Another third is owed to various pension funds.

No the US is not the US's number one creditor, Americans are. I think that's a fairly significant difference in that they make up the 1%.

Actually, most of the people to whom the debt is owed are Not the 1 per centers. About 1/3 of the national debt is owed to the Social Security Administration. Another third is owed to various pension funds.

Well good point... but then again that 1/3 SSA is a liability, and not an actual amount that's reflected in the current balance. At the end of the day the 1% will still have to buy that portion, or China..